February 28, 2012

Web applications such as Google Mail, Facebook and Amazon are used every day. However, so far there are no methods to test them systematically and at low cost for malfunctions and security vulnerabilities. Therefore, computer scientists from Saarland University are working on automatic methods of testing, which check complex web applications autonomously. For the first time, they will present this work at exhibition booth F34 in hall 26 at the computer fair Cebit. The trade show will take place from March 6 to 10 in Hannover.

"Ineffective and inefficient" is Valentin Dallmeier's assessment of the methods that web developers and responsible project leaders rely on to try to find programming errors and security holes in web applications. Dallmeier is a postdoc working at the software engineering chair of Saarland University. Its main focus is systematic automated debugging. The developed methods are functioning very well with typical computer programs. Dallmeier and his colleague Martin Burger have built on that basis, and aim to develop a software system that will determine automatically why Web 2.0 applications fail.

Web applications run centrally on an online server. Therefore, in contrast to conventional programs, they are not installed on the user's computer or laptop; instead, the user interacts with them via a web browser. In recent years, thanks to new web development technologies such as Asynchronous JavaScript and XML (AJAX), web applications can be used as smoothly as if they were installed on personal computers. AJAX takes care of organizing the transfer of data packets between the user's computer and server in such a way that the delays incurred by the connection are barely noticeable. Hence, not only private users but also companies and the public sector are adopting web applications more and more. However, their quality control has not improved.

"This is still done manually and therefore causes not only very high costs, but also high levels of risk for companies and the community," Burger explains. He refers to an article from last December, which revealed that incorrect programming of the "Facebook" social network made it possible to access saved, private photos of members.

Dallmeier and Burger want to prevent such worst-case scenarios and other breakdowns through their software "Webmate." Businesses and their responsible web administrators will only have to type in their Web address. Afterwards the system will automatically discover how the different components of the application are connected to each other and via which menus, buttons, and other control panels the users are interacting with the application.

Subsequently, it will generate and carry out test scenarios. If it discovers, for example, that the application is not compatible with a certain version of a browser, or a control panel no longer exists in a new version of the application, the system will inform the developer immediately – likewise if a database is not connected, a server does not respond, or a link is dead. The web developer should be able to repeat this test at any time.

In the future, the service will be offered to companies for a fee. The researchers want to promote the technology through their own business, and hope to receive a patent. They will found their own company within the next few months. Dallmeier, the leader of the project, is confident that it is possible to implement the software system soon. "We have done the basic work over the last three years, and we even did some feasibility studies," he says. He estimates the market potential in Germany alone to be 120 million Euros annually.

---

Image Caption: Saarland University computer scientists develop methods to check Web 2.0 applications for malfunctions, as well as compatibility with different browser versions. Credit: Uwe BellhÃ¤user